Information Privacy and Records & Information Management

Colleges and universities possess an inordinate volume and variety of personal information
about students and their families, employees, applicants, alumni, and donors for which
they are subject to a broad array of privacy and security laws and regulations.

Consequently, ALL university employees--executives, administrators, counselors, faculty,
and staff--have both a legal and a moral responsibility to protect the privacy of
all internal and external constituents by remaining aware of federal, state, and municipal
regulations that pertain to the disclosure of information contained in official institutional
records. If this obligation is not taken seriously, information breaches can bring
legal liabilities to colleges and universities that can result in substantial financial
costs, and just as importantly, in damage to an institution's public reputation.

information privacy

Although privacy is often viewed as a legal or IT issue, Records and Information
Management also has an intrinsic responsibility to control the management of and access
to personal information.

Regardless of the location, size, or type, as businesses collect increasing amounts
of personally identifiable information (PII), the protection of this information has
become one of the largest--and most important--organizational challenges. Consequently,
the more personal information that is gathered, the more stringent the measures that
must be undertaken to protect that information.

What is Privacy?

According to the U.S. Dept. of Justice, privacy is defined as an individual's interest in preventing the inappropriate collection,
use, and release of personally identifiable information. Privacy interests include
privacy of personal behavior, privacy of personal communications, and privacy of personal
data.

Other definitions of privacy include the capacity to be physically alone (solitude);
to be free from physical interference, threat, or unwanted touching (assault, battery);
or to avoid being seen or overheard in particular contexts.

What Is Personally Identifiable Information (PII)?

Personally identifiable information is one or more pieces of information that when
considered together or when considered in the context of how it is presented or how
it is gathered is sufficient to identify an individual. The pieces of information
can be personal characteristics, a unique set of numbers or characters assigned to
a specific individual, descriptions of events or points in time, and descriptions
of locations or places. Examples include an individual's name in conjunction with
their social security number or bank account numbers.

For additional and more in-depth information on information privacy, please see the
following links: